trym.cloud / labs
Blog

Notes

On Microsoft security operations, MDR design, KQL hunting, and AI security.

2026-02-15 7 min read

AI Agents in the SOC: Hype, Reality, and What You Should Actually Do

AI agents are taking over SOC tasks in 2026. Here's what actually works, what's marketing, and how to prepare your team without losing control.

2026-02-13 7 min read

OWASP Agentic AI Top 10: What It Means If You Actually Run AI Agents

OWASP published its Top 10 for AI agents. Here's what the list actually means, which risks are real, and what to do first.

2026-02-10 7 min read

Palo Alto Buys CyberArk for $25 Billion. What It Means for Identity Security.

Palo Alto Networks puts $25 billion on the table for CyberArk. It's a new playbook for identity security.

2026-02-04 8 min read

73% of Security Teams Say AI Threats Are Real. Half Feel Unprepared. Now What?

73% of security teams say AI threats are real, but only half feel prepared. Here's what the Darktrace data reveals and how to close the gap.

2026-02-03 7 min read

Moltbook Breach: The First Mass AI Agent Security Incident Is Here

A security flaw in Moltbook exposed thousands of users' private data. One researcher registered 500,000 fake accounts in an afternoon. Here's what happened.

2026-02-02 8 min read

The AI Agent Identity Crisis: Why Your Security Model Is Already Broken

Companies are giving AI agents the keys to everything. Most don't know how many agents they have. The biggest identity blind spot in a decade.

2026-02-01 11 min read

Hunting Sliver C2 with Microsoft Defender XDR and Sentinel: A Practical Guide

Sliver has evolved from a red team framework into a real-world threat actor tool. Here's how to hunt for Sliver implants using behavior-based detection.

2026-01-31 9 min read

LangGrinch Alert: Critical LangChain Vulnerability CVE-2025-68664 - Detection and Response Guide

A CVSS 9.3 vulnerability in LangChain Core allows secret theft and potential code execution. Here's how to detect, hunt, and fix it.

2026-01-30 7 min read

Secure AI Adoption: Practical Implementation with Microsoft Purview and Defender

32% of data breaches involve generative AI. Here's how to detect and handle AI data risks with Microsoft Purview, KQL queries, and IR playbooks.

2026-01-29 8 min read

Dissecting the Multi-Stage AiTM Campaign: A Security Operations Playbook

Breaking down Microsoft's latest threat intelligence on SharePoint-abusing AiTM phishing campaigns. Practical detection and response strategies included.

2026-01-29 9 min read

Tsundere Bot: Hunting the Initial Access Broker Pipeline to Ransomware

TA584's new toolkit combines Tsundere Bot with ClickFix techniques to establish footholds for ransomware. Here's how to detect and disrupt this attack chain.

© 2026 Trym Håkansson